Thursday, 17 April 2014

The Heartbleed Bug

Heartbleed is vulnearbility in the very popular Openssl cryptographic software.
This vulnerability allows the attacker to steal the users's information. SSL/TSL provides the communication security and privacy over the internet applications such as, web , email, and VPN,
Heartbleed allows everyone to read memory of the system protected by the vulnerable version of OpenSSL.
This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Am I affected by the bug?

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.